def test_create_with_mention(self): self.log_user() rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' text = '@%s check CommentOnRevision' % base.TEST_USER_REGULAR_LOGIN params = { 'text': text, '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='changeset', action='comment', repo_name=base.HG_REPO, revision=rev), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) # Test response... assert response.status == '200 OK' response = self.app.get( base.url(controller='changeset', action='index', repo_name=base.HG_REPO, revision=rev)) response.mustcontain('''<div class="comments-number">''' ''' 1 comment (0 inline, 1 general)''') response.mustcontain('<b>@%s</b> check CommentOnRevision' % base.TEST_USER_REGULAR_LOGIN) # test DB assert ChangesetComment.query().count() == 1
def test_changeset_range(self): #print self.app.get(base.url(controller='changelog', action='index', repo_name=base.HG_REPO)) response = self.app.get( base.url( controller='changeset', action='index', repo_name=base.HG_REPO, revision= 'a53d9201d4bc278910d416d94941b7ea007ecd52...96507bd11ecc815ebc6270fdf6db110928c09c1e' )) response = self.app.get( base.url(controller='changeset', action='changeset_raw', repo_name=base.HG_REPO, revision='a53d9201d4bc278910d416d94941b7ea007ecd52')) response = self.app.get( base.url(controller='changeset', action='changeset_patch', repo_name=base.HG_REPO, revision='a53d9201d4bc278910d416d94941b7ea007ecd52')) response = self.app.get( base.url(controller='changeset', action='changeset_download', repo_name=base.HG_REPO, revision='a53d9201d4bc278910d416d94941b7ea007ecd52'))
def test_my_account_remove_ssh_key(self): description = '' public_key = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC6Ycnc2oUZHQnQwuqgZqTTdMDZD7ataf3JM7oG2Fw8JR6cdmz4QZLe5mfDwaFwG2pWHLRpVqzfrD/Pn3rIO++bgCJH5ydczrl1WScfryV1hYMJ/4EzLGM657J1/q5EI+b9SntKjf4ax+KP322L0TNQGbZUHLbfG2MwHMrYBQpHUQ== me@localhost' fingerprint = 'Ke3oUCNJM87P0jJTb3D+e3shjceP2CqMpQKVd75E9I8' self.log_user(base.TEST_USER_REGULAR2_LOGIN, base.TEST_USER_REGULAR2_PASS) response = self.app.post( base.url('my_account_ssh_keys'), { 'description': description, 'public_key': public_key, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'SSH key %s successfully added' % fingerprint) response.follow() user_id = response.session['authuser']['user_id'] ssh_key = UserSshKeys.query().filter( UserSshKeys.user_id == user_id).one() assert ssh_key.description == 'me@localhost' response = self.app.post( base.url('my_account_ssh_keys_delete'), { 'del_public_key_fingerprint': ssh_key.fingerprint, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'SSH key successfully deleted') keys = UserSshKeys.query().all() assert 0 == len(keys)
def test_create(self): self.log_user() pr_id = self._create_pr() text = 'general comment on pullrequest' params = { 'text': text, '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='pullrequests', action='comment', repo_name=base.HG_REPO, pull_request_id=pr_id), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) # Test response... assert response.status == '200 OK' response = self.app.get( base.url(controller='pullrequests', action='show', repo_name=base.HG_REPO, pull_request_id=pr_id, extra='')) # PRs currently always have an initial 'Under Review' status change # that counts as a general comment, hence '2' in the test below. That # could be counted as a misfeature, to be reworked later. response.mustcontain('''<div class="comments-number">''' ''' 2 comments (0 inline, 2 general)''') response.mustcontain(text) # test DB assert ChangesetComment.query().count() == 2
def test_create_status_change(self): self.log_user() rev = '27cd5cce30c96924232dffcd24178a07ffeb5dfc' text = 'general comment on changeset' params = { 'text': text, 'changeset_status': 'rejected', '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='changeset', action='comment', repo_name=base.HG_REPO, revision=rev), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) # Test response... assert response.status == '200 OK' response = self.app.get( base.url(controller='changeset', action='index', repo_name=base.HG_REPO, revision=rev)) response.mustcontain('''<div class="comments-number">''' ''' 1 comment (0 inline, 1 general)''') response.mustcontain(text) # test DB assert ChangesetComment.query().count() == 1 # check status status = ChangesetStatusModel().get_status(repo=base.HG_REPO, revision=rev) assert status == 'rejected'
def test_remove_api_key(self): self.log_user() user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN) user_id = user.user_id response = self.app.post( base.url('edit_user_api_keys_update', id=user_id), { 'description': 'desc', 'lifetime': -1, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'API key successfully created') response = response.follow() # now delete our key keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() assert 1 == len(keys) response = self.app.post( base.url('edit_user_api_keys_delete', id=user_id), { 'del_api_key': keys[0].api_key, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'API key successfully deleted') keys = UserApiKeys.query().filter(UserApiKeys.user_id == user_id).all() assert 0 == len(keys)
def test_create_with_mention(self): self.log_user() pr_id = self._create_pr() text = '@%s check CommentOnRevision' % base.TEST_USER_REGULAR_LOGIN params = { 'text': text, '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='pullrequests', action='comment', repo_name=base.HG_REPO, pull_request_id=pr_id), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) # Test response... assert response.status == '200 OK' response = self.app.get( base.url(controller='pullrequests', action='show', repo_name=base.HG_REPO, pull_request_id=pr_id, extra='')) response.mustcontain('''<div class="comments-number">''' ''' 2 comments (0 inline, 2 general)''') response.mustcontain('<b>@%s</b> check CommentOnRevision' % base.TEST_USER_REGULAR_LOGIN) # test DB assert ChangesetComment.query().count() == 2
def test_delete_user_group_err(self): self.log_user() username = '******' groupname = 'usergroup_fail' fixture.create_user(name=username) ug = fixture.create_user_group(name=groupname, cur_user=username) new_user = Session().query(User) \ .filter(User.username == username).one() response = self.app.post(base.url('delete_user', id=new_user.user_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash( response, 'User "%s" still ' 'owns 1 user groups and cannot be removed. ' 'Switch owners or remove those user groups: ' '%s' % (username, groupname)) # TODO: why do this fail? #response = self.app.delete(base.url('delete_users_group', id=groupname)) #self.checkSessionFlash(response, 'Removed user group %s' % groupname) fixture.destroy_user_group(ug.users_group_id) response = self.app.post(base.url('delete_user', id=new_user.user_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'Successfully deleted user')
def test_delete_ip(self, auto_clear_ip_permissions): self.log_user() user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN) user_id = user.user_id ip = '127.0.0.1/32' ip_range = '127.0.0.1 - 127.0.0.1' with test_context(self.app): new_ip = UserModel().add_extra_ip(user_id, ip) Session().commit() new_ip_id = new_ip.ip_id response = self.app.get(base.url('edit_user_ips', id=user_id)) response.mustcontain(ip) response.mustcontain(ip_range) self.app.post( base.url('edit_user_ips_delete', id=user_id), params=dict( del_ip_id=new_ip_id, _session_csrf_secret_token=self.session_csrf_secret_token())) response = self.app.get(base.url('edit_user_ips', id=user_id)) response.mustcontain('All IP addresses are allowed') response.mustcontain(no=[ip]) response.mustcontain(no=[ip_range])
def test_close_pr(self): self.log_user() pr_id = self._create_pr() text = 'general comment on pullrequest' params = { 'text': text, 'save_close': 'close', '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='pullrequests', action='comment', repo_name=base.HG_REPO, pull_request_id=pr_id), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) # Test response... assert response.status == '200 OK' response = self.app.get( base.url(controller='pullrequests', action='show', repo_name=base.HG_REPO, pull_request_id=pr_id, extra='')) response.mustcontain('''title (Closed)''') response.mustcontain(text) # test DB assert PullRequest.get(pr_id).status == PullRequest.STATUS_CLOSED
def test_delete_repo_err(self): self.log_user() username = '******' reponame = 'repoerr_fail' fixture.create_user(name=username) fixture.create_repo(name=reponame, cur_user=username) new_user = Session().query(User) \ .filter(User.username == username).one() response = self.app.post(base.url('delete_user', id=new_user.user_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash( response, 'User "%s" still ' 'owns 1 repositories and cannot be removed. ' 'Switch owners or remove those repositories: ' '%s' % (username, reponame)) response = self.app.post(base.url('delete_repo', repo_name=reponame), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'Deleted repository %s' % reponame) response = self.app.post(base.url('delete_user', id=new_user.user_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'Successfully deleted user')
def test_create_custom_hook(self): self.log_user() response = self.app.post(base.url('admin_settings_hooks'), params=dict(new_hook_ui_key='test_hooks_1', new_hook_ui_value='cd %s' % base.TESTS_TMP_PATH, _session_csrf_secret_token=self.session_csrf_secret_token())) self.checkSessionFlash(response, 'Added new hook') response = response.follow() response.mustcontain('test_hooks_1') response.mustcontain('cd %s' % base.TESTS_TMP_PATH) # test_edit_custom_hook response = self.app.post(base.url('admin_settings_hooks'), params=dict(hook_ui_key='test_hooks_1', hook_ui_value='old_value_of_hook_1', hook_ui_value_new='new_value_of_hook_1', _session_csrf_secret_token=self.session_csrf_secret_token())) response = response.follow() response.mustcontain('test_hooks_1') response.mustcontain('new_value_of_hook_1') # test_add_existing_custom_hook response = self.app.post(base.url('admin_settings_hooks'), params=dict(new_hook_ui_key='test_hooks_1', new_hook_ui_value='attempted_new_value', _session_csrf_secret_token=self.session_csrf_secret_token())) self.checkSessionFlash(response, 'Hook already exists') response = response.follow() response.mustcontain('test_hooks_1') response.mustcontain('new_value_of_hook_1')
def test_delete_pr(self): self.log_user() pr_id = self._create_pr() text = 'general comment on pullrequest' params = { 'text': text, 'save_delete': 'delete', '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='pullrequests', action='comment', repo_name=base.HG_REPO, pull_request_id=pr_id), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) # Test response... assert response.status == '200 OK' response = self.app.get(base.url(controller='pullrequests', action='show', repo_name=base.HG_REPO, pull_request_id=pr_id, extra=''), status=404) # test DB assert PullRequest.get(pr_id) is None
def test_delete_closed_pr(self): self.log_user() pr_id = self._create_pr() # first close text = 'general comment on pullrequest' params = { 'text': text, 'save_close': 'close', '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='pullrequests', action='comment', repo_name=base.HG_REPO, pull_request_id=pr_id), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}) assert response.status == '200 OK' # attempt delete, should fail params = { 'text': text, 'save_delete': 'delete', '_session_csrf_secret_token': self.session_csrf_secret_token() } response = self.app.post(base.url(controller='pullrequests', action='comment', repo_name=base.HG_REPO, pull_request_id=pr_id), params=params, extra_environ={'HTTP_X_PARTIAL_XHR': '1'}, status=403) # verify that PR still exists, in closed state assert PullRequest.get(pr_id).status == PullRequest.STATUS_CLOSED
def test_index_trending_git(self): self.log_user() # codes stats self._enable_stats(base.GIT_REPO) ScmModel().mark_for_invalidation(base.GIT_REPO) # generate statistics first response = self.app.get( base.url(controller='summary', action='statistics', repo_name=base.GIT_REPO)) response = self.app.get( base.url(controller='summary', action='index', repo_name=base.GIT_REPO)) response.mustcontain( '[["py", {"count": 68, "desc": ["Python"]}], ' '["rst", {"count": 16, "desc": ["Rst"]}], ' '["css", {"count": 2, "desc": ["Css"]}], ' '["sh", {"count": 2, "desc": ["Bash"]}], ' '["bat", {"count": 1, "desc": ["Batch"]}], ' '["cfg", {"count": 1, "desc": ["Ini"]}], ' '["html", {"count": 1, "desc": ["EvoqueHtml", "Html"]}], ' '["ini", {"count": 1, "desc": ["Ini"]}], ' '["js", {"count": 1, "desc": ["Javascript"]}], ' '["makefile", {"count": 1, "desc": ["Makefile", "Makefile"]}]]', )
def test_my_account_remove_api_key(self): usr = self.log_user(base.TEST_USER_REGULAR2_LOGIN, base.TEST_USER_REGULAR2_PASS) user = User.get(usr['user_id']) response = self.app.post( base.url('my_account_api_keys'), { 'description': 'desc', 'lifetime': -1, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'API key successfully created') response = response.follow() # now delete our key keys = UserApiKeys.query().all() assert 1 == len(keys) response = self.app.post( base.url('my_account_api_keys_delete'), { 'del_api_key': keys[0].api_key, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'API key successfully deleted') keys = UserApiKeys.query().all() assert 0 == len(keys)
def _api_key_test(self, api_key, status): """Verifies HTTP status code for accessing an auth-requiring page, using the given api_key URL parameter as well as using the API key with bearer authentication. If api_key is None, no api_key is passed at all. If api_key is True, a real, working API key is used. """ with fixture.anon_access(False): if api_key is None: params = {} headers = {} else: if api_key is True: api_key = User.get_first_admin().api_key params = {'api_key': api_key} headers = {'Authorization': 'Bearer ' + str(api_key)} self.app.get(base.url(controller='changeset', action='changeset_raw', repo_name=base.HG_REPO, revision='tip', **params), status=status) self.app.get(base.url(controller='changeset', action='changeset_raw', repo_name=base.HG_REPO, revision='tip'), headers=headers, status=status)
def test_delete(self): self.log_user() users_group_name = TEST_USER_GROUP + 'another' response = self.app.post( base.url('users_groups'), { 'users_group_name': users_group_name, 'user_group_description': 'DESC', 'active': True, '_session_csrf_secret_token': self.session_csrf_secret_token() }) response.follow() self.checkSessionFlash(response, 'Created user group ') gr = Session().query(UserGroup) \ .filter(UserGroup.users_group_name == users_group_name).one() response = self.app.post(base.url('delete_users_group', id=gr.users_group_id), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) gr = Session().query(UserGroup) \ .filter(UserGroup.users_group_name == users_group_name).scalar() assert gr is None
def test_case_insensitivity(self): self.log_user() repo_name = self.NEW_REPO description = 'description for newly created repo' response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, _session_csrf_secret_token=self.session_csrf_secret_token())) # try to create repo with swapped case swapped_repo_name = repo_name.swapcase() response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=swapped_repo_name, repo_type=self.REPO_TYPE, repo_description=description, _session_csrf_secret_token=self.session_csrf_secret_token())) response.mustcontain('already exists') RepoModel().delete(repo_name) Session().commit()
def test_create_in_group(self): self.log_user() ## create GROUP group_name = 'sometest_%s' % self.REPO_TYPE gr = RepoGroupModel().create(group_name=group_name, group_description='test', owner=base.TEST_USER_ADMIN_LOGIN) Session().commit() repo_name = 'ingroup' repo_name_full = db.URL_SEP.join([group_name, repo_name]) description = 'description for newly created repo' response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, repo_group=gr.group_id, _session_csrf_secret_token=self.session_csrf_secret_token())) ## run the check page that triggers the flash message response = self.app.get( base.url('repo_check_home', repo_name=repo_name_full)) assert response.json == {'result': True} self.checkSessionFlash( response, 'Created repository <a href="/%s">%s</a>' % (repo_name_full, repo_name_full)) # test if the repo was created in the database new_repo = Session().query(Repository) \ .filter(Repository.repo_name == repo_name_full).one() new_repo_id = new_repo.repo_id assert new_repo.repo_name == repo_name_full assert new_repo.description == description # test if the repository is visible in the list ? response = self.app.get( base.url('summary_home', repo_name=repo_name_full)) response.mustcontain(repo_name_full) response.mustcontain(self.REPO_TYPE) inherited_perms = UserRepoToPerm.query() \ .filter(UserRepoToPerm.repository_id == new_repo_id).all() assert len(inherited_perms) == 1 # test if the repository was created on filesystem try: vcs.get_repo( os.path.join( Ui.get_by_key('paths', '/').ui_value, repo_name_full)) except vcs.exceptions.VCSError: RepoGroupModel().delete(group_name) Session().commit() pytest.fail('no repo %s in filesystem' % repo_name) RepoModel().delete(repo_name_full) RepoGroupModel().delete(group_name) Session().commit()
def test_my_account_my_emails_add_remove(self): self.log_user() response = self.app.get(base.url('my_account_emails')) response.mustcontain('No additional emails specified') response = self.app.post( base.url('my_account_emails'), { 'new_email': '*****@*****.**', '_session_csrf_secret_token': self.session_csrf_secret_token() }) response = self.app.get(base.url('my_account_emails')) from kallithea.model.db import UserEmailMap email_id = UserEmailMap.query() \ .filter(UserEmailMap.user == User.get_by_username(base.TEST_USER_ADMIN_LOGIN)) \ .filter(UserEmailMap.email == '*****@*****.**').one().email_id response.mustcontain('*****@*****.**') response.mustcontain( '<input id="del_email_id" name="del_email_id" type="hidden" value="%s" />' % email_id) response = self.app.post( base.url('my_account_emails_delete'), { 'del_email_id': email_id, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'Removed email from user') response = self.app.get(base.url('my_account_emails')) response.mustcontain('No additional emails specified')
def test_my_account_my_emails_add_missing_email_in_form(self): self.log_user() response = self.app.get(base.url('my_account_emails')) response.mustcontain('No additional emails specified') response = self.app.post( base.url('my_account_emails'), {'_session_csrf_secret_token': self.session_csrf_secret_token()}) self.checkSessionFlash(response, 'Please enter an email address')
def test_redirection_after_successful_login_preserves_get_args(self, args, args_encoded): response = self.app.post(base.url(controller='login', action='index', came_from=base.url('/_admin/users', **args)), {'username': base.TEST_USER_ADMIN_LOGIN, 'password': base.TEST_USER_ADMIN_PASS, '_session_csrf_secret_token': self.session_csrf_secret_token()}) assert response.status == '302 Found' for encoded in args_encoded: assert encoded in response.location
def test_delete_non_ascii(self): self.log_user() non_ascii = "ąęł" repo_name = "%s%s" % (self.NEW_REPO, non_ascii) description = 'description for newly created repo' + non_ascii response = self.app.post( base.url('repos'), fixture._get_repo_create_params( repo_private=False, repo_name=repo_name, repo_type=self.REPO_TYPE, repo_description=description, _session_csrf_secret_token=self.session_csrf_secret_token())) ## run the check page that triggers the flash message response = self.app.get( base.url('repo_check_home', repo_name=repo_name)) assert response.json == {'result': True} self.checkSessionFlash( response, 'Created repository <a href="/%s">%s</a>' % (urllib.parse.quote(repo_name), repo_name)) # test if the repo was created in the database new_repo = Session().query(Repository) \ .filter(Repository.repo_name == repo_name).one() assert new_repo.repo_name == repo_name assert new_repo.description == description # test if the repository is visible in the list ? response = self.app.get(base.url('summary_home', repo_name=repo_name)) response.mustcontain(repo_name) response.mustcontain(self.REPO_TYPE) # test if the repository was created on filesystem try: vcs.get_repo( os.path.join(Ui.get_by_key('paths', '/').ui_value, repo_name)) except vcs.exceptions.VCSError: pytest.fail('no repo %s in filesystem' % repo_name) response = self.app.post(base.url('delete_repo', repo_name=repo_name), params={ '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'Deleted repository %s' % (repo_name)) response.follow() # check if repo was deleted from db deleted_repo = Session().query(Repository) \ .filter(Repository.repo_name == repo_name).scalar() assert deleted_repo is None assert os.path.isdir( os.path.join(Ui.get_by_key('paths', '/').ui_value, repo_name)) == False
def test_edit_permissions_permissions(self): user = User.get_by_username(base.TEST_USER_REGULAR_LOGIN) # Test unauthenticated access - it will redirect to login page response = self.app.post( base.url('edit_repo_perms_update', repo_name=base.HG_REPO), params=dict( perm_new_member_1='repository.read', perm_new_member_name_1=user.username, perm_new_member_type_1='user', _session_csrf_secret_token=self.session_csrf_secret_token()), status=302) assert not response.location.endswith( base.url('edit_repo_perms_update', repo_name=base.HG_REPO)) assert response.location.endswith( base.url('login_home', came_from=base.url('edit_repo_perms_update', repo_name=base.HG_REPO))) response = self.app.post( base.url('edit_repo_perms_revoke', repo_name=base.HG_REPO), params=dict( obj_type='user', user_id=user.user_id, _session_csrf_secret_token=self.session_csrf_secret_token()), status=302) assert response.location.endswith( base.url('login_home', came_from=base.url('edit_repo_perms_revoke', repo_name=base.HG_REPO))) # Test authenticated access self.log_user() response = self.app.post( base.url('edit_repo_perms_update', repo_name=base.HG_REPO), params=dict( perm_new_member_1='repository.read', perm_new_member_name_1=user.username, perm_new_member_type_1='user', _session_csrf_secret_token=self.session_csrf_secret_token()), status=302) assert response.location.endswith( base.url('edit_repo_perms_update', repo_name=base.HG_REPO)) response = self.app.post( base.url('edit_repo_perms_revoke', repo_name=base.HG_REPO), params=dict( obj_type='user', user_id=user.user_id, _session_csrf_secret_token=self.session_csrf_secret_token()), status=200) assert not response.body
def test_login_form_after_incorrect_login_preserves_get_args(self, args, args_encoded): response = self.app.post(base.url(controller='login', action='index', came_from=base.url('/_admin/users', **args)), {'username': '******', 'password': '******', '_session_csrf_secret_token': self.session_csrf_secret_token()}) response.mustcontain('Invalid username or password') came_from = urllib.parse.parse_qs(urllib.parse.urlparse(response.form.action).query)['came_from'][0] for encoded in args_encoded: assert encoded in came_from
def test_my_account_my_emails_add_existing_email(self): self.log_user() response = self.app.get(base.url('my_account_emails')) response.mustcontain('No additional emails specified') response = self.app.post( base.url('my_account_emails'), { 'new_email': base.TEST_USER_REGULAR_EMAIL, '_session_csrf_secret_token': self.session_csrf_secret_token() }) self.checkSessionFlash(response, 'This email address is already in use')
def test_add_delete_ips(self, auto_clear_ip_permissions): self.log_user() default_user_id = kallithea.DEFAULT_USER_ID # Add IP and verify it is shown in UI and both gives access and rejects response = self.app.post( base.url('edit_user_ips_update', id=default_user_id), params=dict( new_ip='0.0.0.0/24', _session_csrf_secret_token=self.session_csrf_secret_token())) base.invalidate_all_caches() response = self.app.get(base.url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '0.0.0.1'}) response.mustcontain('0.0.0.0/24') response.mustcontain('0.0.0.0 - 0.0.0.255') response = self.app.get(base.url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '0.0.1.1'}, status=403) # Add another IP and verify previously rejected now works response = self.app.post( base.url('edit_user_ips_update', id=default_user_id), params=dict( new_ip='0.0.1.0/24', _session_csrf_secret_token=self.session_csrf_secret_token())) base.invalidate_all_caches() response = self.app.get(base.url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '0.0.1.1'}) # Delete latest IP and verify same IP is rejected again x = UserIpMap.query().filter_by(ip_addr='0.0.1.0/24').first() response = self.app.post( base.url('edit_user_ips_delete', id=default_user_id), params=dict( del_ip_id=x.ip_id, _session_csrf_secret_token=self.session_csrf_secret_token())) base.invalidate_all_caches() response = self.app.get(base.url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '0.0.1.1'}, status=403) # Delete first IP and verify unlimited access again x = UserIpMap.query().filter_by(ip_addr='0.0.0.0/24').first() response = self.app.post( base.url('edit_user_ips_delete', id=default_user_id), params=dict( del_ip_id=x.ip_id, _session_csrf_secret_token=self.session_csrf_secret_token())) base.invalidate_all_caches() response = self.app.get(base.url('admin_permissions_ips'), extra_environ={'REMOTE_ADDR': '0.0.1.1'})
def test_fork_create_into_group(self): self.log_user() group = fixture.create_repo_group('vc') group_id = group.group_id fork_name = self.REPO_FORK fork_name_full = 'vc/%s' % fork_name description = 'fork of vcs test' repo_name = self.REPO org_repo = Repository.get_by_repo_name(repo_name) creation_args = { 'repo_name': fork_name, 'repo_group': group_id, 'fork_parent_id': org_repo.repo_id, 'repo_type': self.REPO_TYPE, 'description': description, 'private': 'False', 'landing_rev': 'rev:tip', '_session_csrf_secret_token': self.session_csrf_secret_token() } self.app.post( base.url(controller='forks', action='fork_create', repo_name=repo_name), creation_args) repo = Repository.get_by_repo_name(fork_name_full) assert repo.fork.repo_name == self.REPO ## run the check page that triggers the flash message response = self.app.get( base.url('repo_check_home', repo_name=fork_name_full)) # test if we have a message that fork is ok self.checkSessionFlash( response, 'Forked repository %s as <a href="/%s">%s</a>' % (repo_name, fork_name_full, fork_name_full)) # test if the fork was created in the database fork_repo = Session().query(Repository) \ .filter(Repository.repo_name == fork_name_full).one() assert fork_repo.repo_name == fork_name_full assert fork_repo.fork.repo_name == repo_name # test if the repository is visible in the list ? response = self.app.get( base.url('summary_home', repo_name=fork_name_full)) response.mustcontain(fork_name_full) response.mustcontain(self.REPO_TYPE) response.mustcontain('Fork of "<a href="/%s">%s</a>"' % (repo_name, repo_name)) fixture.destroy_repo(fork_name_full) fixture.destroy_repo_group(group_id)
def test_case_insensitivity(self): self.log_user() group_name = 'newgroup' response = self.app.post(url('repos_groups'), fixture._get_repo_group_create_params(group_name=group_name, _session_csrf_secret_token=self.session_csrf_secret_token())) # try to create repo group with swapped case swapped_group_name = group_name.swapcase() response = self.app.post(url('repos_groups'), fixture._get_repo_group_create_params(group_name=swapped_group_name, _session_csrf_secret_token=self.session_csrf_secret_token())) response.mustcontain('already exists') RepoGroupModel().delete(group_name) Session().commit()
def test_case_insensitivity(self): self.log_user() group_name = u'newgroup' response = self.app.post(url('repos_groups'), fixture._get_repo_group_create_params(group_name=group_name, _authentication_token=self.authentication_token())) # try to create repo group with swapped case swapped_group_name = group_name.swapcase() response = self.app.post(url('repos_groups'), fixture._get_repo_group_create_params(group_name=swapped_group_name, _authentication_token=self.authentication_token())) response.mustcontain('already exists') RepoGroupModel().delete(group_name) Session().commit()
def test_banned_http_methods(self): self.app.request(url(controller='login', action='index'), method='PUT', status=405) self.app.request(url(controller='login', action='index'), method='DELETE', status=405)
def test_banned_http_method_override(self): self.app.get(url(controller='login', action='index'), {'_method': 'POST'}, status=405) self.app.post(url(controller='login', action='index'), {'_method': 'PUT'}, status=405)